package org.starsource.forum.server.web;

import org.springframework.dao.DataAccessException;

import org.starsource.forum.client.domain.UserObject;
import org.starsource.forum.client.exception.DatabaseException;
import org.starsource.forum.client.exception.ServerException;
import org.starsource.forum.client.exception.UserNotFoundException;
import org.starsource.forum.client.web.UserService;
import org.starsource.forum.server.domain.User;
import org.starsource.forum.server.transaction.UserTransaction;
import org.starsource.forum.server.transaction.impl.SessionTransactionImpl;
import org.starsource.forum.server.util.Security;

/**
 * The server side implementation of the RPC service.
 */
public class UserServiceImpl extends SpringRemoteServiceServlet implements UserService {

	private static final long serialVersionUID = 5565086929813189748L;
	
	private static org.apache.log4j.Logger logger = org.apache.log4j.LogManager
	.getLogger(SessionTransactionImpl.class.getName());
	
	private UserTransaction userTransaction;
	
	public UserTransaction getUserTransaction() {
		return this.userTransaction;
	}
	
	public void setUserTransaction(UserTransaction userTransaction) {
		this.userTransaction = userTransaction;
	}

	public UserObject login(String account, String password) throws UserNotFoundException, DatabaseException, ServerException {
		
		try {
			String userAgent = getThreadLocalRequest().getHeader("User-Agent");
			User user = this.userTransaction.getUser(account, password);
			if (user == null) {
				logger.info("数据库找不到与帐号" + account + "及密码匹配的用户");
				throw new UserNotFoundException();			
			}
			this.getThreadLocalRequest().getSession().setAttribute("User", user);
			UserObject userObject = user.getUserObject();
			userObject.setPassword(Security.getMD5(userAgent + userObject.getAccount() + userObject.getPassword()));
			return userObject;
		} catch (UserNotFoundException e) {
			logger.warn(e.toString());
			throw e;
		} catch (DataAccessException e) {
			logger.warn(e.toString());
			throw new DatabaseException();
		} catch (Exception e) {
			logger.error(e.toString());
			throw new ServerException();
		}
	}

	@Override
	public void changePassword(String password)
	throws DatabaseException, ServerException {
		try {
			User user = (User)this.getThreadLocalRequest().getSession().getAttribute("User");
			user.setPassword(password);
			userTransaction.updateUser(user);
		} catch (DataAccessException e) {
			logger.warn(e.toString());
			throw new DatabaseException();
		} catch (Exception e) {
			logger.error(e.toString());
			throw new ServerException();
		}
	}

	@Override
	public UserObject authenticate(String account, String authKey)
			throws UserNotFoundException, DatabaseException, ServerException {
		String userAgent = getThreadLocalRequest().getHeader("User-Agent");
		User user = this.userTransaction.getUser(account);
		String md = Security.getMD5(userAgent + user.getAccount() + user.getPassword());
		if (!authKey.equals(md)) {
			logger.warn("用户帐号 " + account + "认证失败");
			throw new UserNotFoundException();
		}
		this.getThreadLocalRequest().getSession().setAttribute("User", user);
		UserObject userObject = user.getUserObject();
		userObject.setPassword(Security.getMD5(userAgent + userObject.getAccount() + userObject.getPassword()));
		return userObject;
	}

}
